
module.exports=function (done) {
	$.router.post('/api/login',async function (req,res,next) {
		const user=await $.method('user.get').call({name:req.body.name});
		if (!user)
			return next(new Error('user does not exist!'));
		if (!$.utils.validatePassword(req.body.password,user.password)) {
			return next(new Error('password is not corrent'));
		}
		req.session.user=user;
		req.session.logout_token=$.utils.randomString(20);
		console.log('req.session.logout_token',req.session.logout_token);
		res.success({logout_token:req.session.logout_token});
	});
	
	$.router.get('/api/logout',function (req,res,next) {
		if (req.session.logout_token && req.query.logout_token != req.session.logout_token) {
			return next(new Error('invalid token'));
		}
		delete req.session.user;
		delete req.session.logout_token;
		res.success();
	});
	$.router.post('/api/signup',async function (req,res,next) {
		const user=await $.method('user.get').call(req.body);
		if (user)
			return next(new Error('user existed!'));
		{
			const user=await $.method('user.add').call(req.body);
			if (!user) {
				return next(new Error('user add failed!'));
			}
		}
		res.success({user});
	});
	done();
}